Stefan Weil [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
hw/arm/vexpress: Fix memory leak reported by Coverity
As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
hw/arm/highbank: Fix resource leak and wrong image loading
Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.
In addition, that name is used to get the size of the image, but a
different image name was used to load it.
In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.
Fix all three issues.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 1 Apr 2015 10:31:31 +0000 (11:31 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Fix for object_del of in-use memory, pvpanic
regression, PPC regression and bogus error message with
Oxygen theme.
# gpg: Signature made Wed Apr 1 09:08:20 2015 BST using RSA key ID
78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
Revert "exec: Respect as_tranlsate_internal length clamp"
rcu: do not create thread in pthread_atfork callback
pc: acpi: fix pvpanic regression
hostmem: Prevent removing an in-use memory backend
qom: Add can_be_deleted callback to UserCreatableClass
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 1 Apr 2015 07:57:45 +0000 (09:57 +0200)]
Revert "exec: Respect as_tranlsate_internal length clamp"
This reverts commit
c3c1bb99d1c11978d9ce94d1bdcf0705378c1459.
It causes problems with boards that declare memory regions shorter
than the registers they contain.
Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 31 Mar 2015 11:01:05 +0000 (13:01 +0200)]
rcu: do not create thread in pthread_atfork callback
If QEMU forks after the CPU threads have been created, qemu_mutex_lock_iothread
will not be able to do qemu_cpu_kick_thread. There is no solution other than
assuming that forks after the CPU threads have been created will end up in an
exec. Forks before the CPU threads have been created (such as -daemonize)
have to call rcu_after_fork manually.
Notably, the oxygen theme for GTK+ forks and shows a "No such process" error
without this patch.
This patch can be reverted once the iothread loses the "kick the TCG thread"
magic.
User-mode emulation does not use the iothread, so it can also call
rcu_after_fork.
Reported by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Igor Mammedov [Mon, 30 Mar 2015 12:18:27 +0000 (14:18 +0200)]
pc: acpi: fix pvpanic regression
Commit
cd61cb2 pc: acpi-build: generate pvpanic device description dynamically
introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Message-Id: <
1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Lin Ma [Mon, 30 Mar 2015 08:36:29 +0000 (16:36 +0800)]
hostmem: Prevent removing an in-use memory backend
showing a memory device whose memdev is removed leads an assert:
(qemu) object_add memory-backend-ram,id=ram0,size=128M
(qemu) device_add pc-dimm,id=d0,memdev=ram0
(qemu) object_del ram0
(qemu) info memory-devices
**
ERROR:qom/object.c:1274:object_get_canonical_path_component:\
assertion failed: (obj->parent != NULL)
Aborted
The patch prevents removing an in-use mem backend and error out.
Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <
1427704589-7688-3-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Lin Ma [Mon, 30 Mar 2015 08:36:28 +0000 (16:36 +0800)]
qom: Add can_be_deleted callback to UserCreatableClass
If backends implement the can_be_deleted and it returns false,
Then the qmp_object_del won't delete the given backends.
Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <
1427704589-7688-2-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 31 Mar 2015 11:12:22 +0000 (12:12 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* Fix for adding alias properties with [*]
# gpg: Signature made Tue Mar 31 11:59:00 2015 BST using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter:
qom: Fix object_property_add_alias() with [*]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Fri, 27 Mar 2015 16:34:10 +0000 (17:34 +0100)]
qom: Fix object_property_add_alias() with [*]
Commit
8074264 (qom: Add description field in ObjectProperty struct)
introduced property descriptions and copied them for alias properties.
Instead of using the caller-supplied property name, use the returned
property name for setting the description. This avoids an Error when
setting a property description for a property with literal "[*]" that
doesn't exist due to automatic property naming in object_property_add().
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org (v2.2+)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Peter Maydell [Tue, 31 Mar 2015 09:55:33 +0000 (10:55 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qtest-for-2.3' into staging
QTest cleanups
* Change fw_cfg-test and i440fx-test GTester paths
* Extend libqtest API as necessary
# gpg: Signature made Mon Mar 30 18:29:39 2015 BST using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qtest-for-2.3:
i440fx-test: Fix test paths to include architecture
qtest: Add qtest_add() wrapper macro
qtest: Add qtest_add_data_func() wrapper function
fw_cfg-test: Fix test path to include architecture
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 31 Mar 2015 08:56:48 +0000 (09:56 +0100)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-
20150330' into staging
TriCore bugfixes
# gpg: Signature made Mon Mar 30 12:40:50 2015 BST using RSA key ID
6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-
20150330:
target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 30 Mar 2015 21:55:51 +0000 (22:55 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-
20150330' into staging
s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device
# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID
C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-
20150330:
s390x/ipl: avoid sign extension
s390x: do not include ram_addr.h
virtio-ccw: range check in READ_VQ_CONF
virtio-ccw: fix range check for SET_VQ
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Tue, 24 Mar 2015 18:35:22 +0000 (19:35 +0100)]
i440fx-test: Fix test paths to include architecture
Replace g_test_add_func() with new qtest_add_func() and g_test_add()
macro with qtest_add() macro. This effectively changes GTester paths:
/i440fx/foo -> /x86_64/i440fx/foo etc.
Cc: qemu-stable@nongnu.org
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Wed, 25 Mar 2015 15:52:45 +0000 (16:52 +0100)]
qtest: Add qtest_add() wrapper macro
It extends g_test_add() macro with the architecture path.
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Tue, 24 Mar 2015 18:33:34 +0000 (19:33 +0100)]
qtest: Add qtest_add_data_func() wrapper function
It calls g_test_add_data_func() with a path supplemented by the
architecture, like qtest_add_func() does.
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Thu, 19 Mar 2015 17:35:23 +0000 (18:35 +0100)]
fw_cfg-test: Fix test path to include architecture
Use qtest_add_func() instead of g_test_add_func() to reflect
the architecture tested, changing GTester paths as follows:
/fw_cfg/foo -> /x86_64/fw_cfg/foo etc.
Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Bastian Koppelmann [Fri, 27 Mar 2015 13:55:22 +0000 (14:55 +0100)]
target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
..for address calculation instead address registers.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cornelia Huck [Thu, 26 Mar 2015 09:41:45 +0000 (10:41 +0100)]
s390x/ipl: avoid sign extension
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Paolo Bonzini [Wed, 25 Mar 2015 14:56:29 +0000 (15:56 +0100)]
s390x: do not include ram_addr.h
ram_addr.h is an internal interface and it is not needed anyway by
hw/s390x/ipl.c.
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <
1427295389-5054-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cornelia Huck [Fri, 20 Mar 2015 12:16:20 +0000 (13:16 +0100)]
virtio-ccw: range check in READ_VQ_CONF
Processing for READ_VQ_CONF needs to check whether the requested queue
value is actually in the supported range and post a channel program
check if not.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cornelia Huck [Fri, 20 Mar 2015 12:08:36 +0000 (13:08 +0100)]
virtio-ccw: fix range check for SET_VQ
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Peter Maydell [Sat, 28 Mar 2015 10:10:04 +0000 (10:10 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
# gpg: Signature made Fri Mar 27 22:19:31 2015 GMT using RSA key ID
AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* remotes/jnsnow/tags/ide-pull-request:
AHCI: Protect cmd register
AHCI: Do not (re)map FB/CLB buffers while not running
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
John Snow [Fri, 27 Mar 2015 19:48:11 +0000 (15:48 -0400)]
AHCI: Protect cmd register
Many bits in the CMD register are supposed to be strictly read-only.
We should not be deleting them on every write.
As a side-effect: pay explicit attention to when a guest marks off
the FIS Receive or Start bits, and disable the status bits ourselves,
instead of letting them implicitly fall off.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id:
1426283454-15590-3-git-send-email-jsnow@redhat.com
John Snow [Fri, 27 Mar 2015 19:48:11 +0000 (15:48 -0400)]
AHCI: Do not (re)map FB/CLB buffers while not running
The FIS Receive Buffer and Command List Buffer pointers
should not be edited while the FIS receive engine or
Command Receive engines are running.
Currently, we attempt to re-map the buffers every time they
are adjusted, but while the AHCI engines are off, these registers
may contain stale values, so we should not attempt to re-map these
values until the engines are reactivated.
Reported-by: Jordan Hargrave <jharg93@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id:
1426283454-15590-2-git-send-email-jsnow@redhat.com
Peter Maydell [Fri, 27 Mar 2015 12:12:27 +0000 (12:12 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Fri Mar 27 11:59:41 2015 GMT using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
hw/net/e1000: fix integer endianness
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 27 Mar 2015 10:30:48 +0000 (10:30 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Fri Mar 27 10:13:35 2015 GMT using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
block: Document blockdev-add's immaturity
qemu-iotests: Test unaligned 4k zero write
block: Fix unaligned zero write
nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shannon Zhao [Fri, 13 Mar 2015 05:21:59 +0000 (13:21 +0800)]
hw/net/e1000: fix integer endianness
It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
unsigned int but is dereferenced as a narrower unsigned short.
This may lead to unexpected results depending on machine
endianness.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id:
1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Markus Armbruster [Fri, 20 Mar 2015 13:32:17 +0000 (14:32 +0100)]
block: Document blockdev-add's immaturity
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
1426858337-21423-1-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fam Zheng [Tue, 24 Mar 2015 01:23:50 +0000 (09:23 +0800)]
qemu-iotests: Test unaligned 4k zero write
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id:
1427160230-4489-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fam Zheng [Tue, 24 Mar 2015 01:23:49 +0000 (09:23 +0800)]
block: Fix unaligned zero write
If the zero write is not aligned, bdrv_co_do_pwritev will segfault
because of accessing to the NULL qiov passed in by bdrv_co_write_zeroes.
Fix this by allocating a local qiov in bdrv_co_do_pwritev if the request
is not aligned. (In this case the padding iovs are necessary anyway, so
it doesn't hurt.)
Also add a check at the end of bdrv_co_do_pwritev to clear the zero flag
if padding is involved.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id:
1427160230-4489-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Weil [Sat, 14 Mar 2015 16:00:44 +0000 (17:00 +0100)]
nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
The shift operation on nlb gives a 32 bit result if no type cast is
applied. This bug was reported by Coverity.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426348844-8793-1-git-send-email-sw@weilnetz.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Thu, 26 Mar 2015 18:35:09 +0000 (18:35 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-
20150326-1' into staging
gtk: do not call gtk_widget_get_window if drawing area is not initialized
# gpg: Signature made Thu Mar 26 16:59:55 2015 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-gtk-
20150326-1:
gtk: do not call gtk_widget_get_window if drawing area is not initialized
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 26 Mar 2015 17:33:35 +0000 (17:33 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Bugfixes and making SCSI adapters IOMMU-friendly.
# gpg: Signature made Thu Mar 26 13:24:05 2015 GMT using RSA key ID
78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring
misc: fix typos in copyright declaration
exec: avoid possible overwriting of mmaped area in qemu_ram_remap
sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
nbd: Fix up comment after commit
e140177
vmw_pvscsi: use PCI DMA APIs
megasas: use PCI DMA APIs
cpus: Don't kick un-realized cpus.
i6300esb: Fix signed integer overflow
i6300esb: Correct endiannness
fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
rcu tests: fix compilation on 32-bit ppc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eduardo Otubo [Thu, 26 Mar 2015 15:56:25 +0000 (16:56 +0100)]
seccomp: libseccomp version varying according to arch
Libseccomp dependency was mandating version 2.2.0 on all architectures
and this was causing configure and virt-test to break on non-updates
distros. This patch works-around it and give a more flexible way to
check the version, giving more time for other distros to update
libseccomp version.
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Reported-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Tested-by: Juan Quintela <quintela@redhat.com>
Message-id:
1427385385-30571-1-git-send-email-eduardo.otubo@profitbricks.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Hervé Poussineau [Tue, 24 Mar 2015 19:08:48 +0000 (20:08 +0100)]
gtk: do not call gtk_widget_get_window if drawing area is not initialized
This prevents gtk_widget_get_window to return a NULL pointer.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Thu, 26 Mar 2015 14:47:53 +0000 (14:47 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/
20150326' into staging
migration/next for
20150326
# gpg: Signature made Thu Mar 26 14:31:55 2015 GMT using RSA key ID
5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/
20150326:
migration: remove last_sent_block from save_page_header
rdma: Fix cleanup in error paths
Avoid crashing on multiple -incoming
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Juan Quintela [Tue, 17 Mar 2015 11:56:13 +0000 (12:56 +0100)]
migration: remove last_sent_block from save_page_header
Compression code (still not on tree) want to call this funtion from
outside the migration thread, so we can't write to last_sent_block.
Instead of reverting full patch:
[PULL 07/11] save_block_hdr: we can recalculate
Just revert the parts that touch last_sent_block.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Padmanabh Ratnakar [Thu, 26 Mar 2015 02:08:04 +0000 (07:38 +0530)]
rdma: Fix cleanup in error paths
As part of commit
e325b49a320b493cc5d69e263751ff716dc458fe,
order in which resources are destroyed was changed for fixing
a seg fault. Due to this change, CQ will never get destroyed as
CQ should be destroyed after QP destruction. Seg fault is caused
improper cleanup when connection fails. Fixing cleanup after
connection failure and order in which resources are destroyed
in qemu_rdma_cleanup() routine.
Signed-off-by: Meghana Cheripady <meghana.cheripady@emulex.com>
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Dr. David Alan Gilbert [Thu, 26 Feb 2015 14:16:06 +0000 (14:16 +0000)]
Avoid crashing on multiple -incoming
Passing multiple -incoming options used to crash qemu (due to
an invalid state transition incoming->incoming). Instead we now
take the last -incoming option, e.g.:
qemu-system-x86_64 -nographic -incoming tcp::4444 -incoming defer
ends up doing the defer.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Peter Maydell [Thu, 26 Mar 2015 13:30:41 +0000 (13:30 +0000)]
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for 2.3 ppc - 2015-03-25
Just a few bug fixes before 2.3 gets released:
- pseries: Firmware update, bugfixes
- remove POWER5+ v0.0 that we incorrectly introduced in 2.3
- Fix -machine usb=no
- Fix -boot once=foo in pseries
- Add NULL pointer check in pseries machine init
# gpg: Signature made Wed Mar 25 21:53:20 2015 GMT using RSA key ID
03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-ppc-for-upstream:
powerpc: fix -machine usb=no for newworld and pseries machines
PPC: pseries: Implement boot once=foo
target-ppc: Remove POWER5+ v0.0 that never existed
spapr: Add missing checks for NULL pointers and report failures
pseries: Update SLOF firmware image to qemu-slof-
20150313
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ting Wang [Thu, 26 Mar 2015 07:42:32 +0000 (15:42 +0800)]
virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring
VirtIOSCSIVring which allocated in virtio_scsi_vring_init
should be free when dataplane has been stopped or failed to start.
Signed-off-by: Ting Wang <kathy.wangting@huawei.com>
Message-Id: <
1427355752-25844-1-git-send-email-kathy.wangting@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gonglei [Thu, 26 Mar 2015 12:57:43 +0000 (20:57 +0800)]
misc: fix typos in copyright declaration
Add a space after comma.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <
1427374663-10168-1-git-send-email-arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Thu, 26 Mar 2015 12:18:44 +0000 (12:18 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc, virtio bugfixes for 2.3
Several bugfixes, nothing stands out especially.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed Mar 25 12:42:10 2015 GMT using RSA key ID
D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio-net: validate backend queue numbers against bus limitation
virtio-serial: fix virtio config size
acpi: Add missing GCC_FMT_ATTR to local function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 26 Mar 2015 11:10:54 +0000 (11:10 +0000)]
Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-
20150325' into staging
seccomp branch queue
# gpg: Signature made Wed Mar 25 10:09:29 2015 GMT using RSA key ID
12F8BD2F
# gpg: Can't check signature: public key not found
* remotes/otubo/tags/pull-seccomp-
20150325:
seccomp: update libseccomp version and remove arch restriction
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 25 Mar 2015 13:14:56 +0000 (14:14 +0100)]
exec: avoid possible overwriting of mmaped area in qemu_ram_remap
It is not necessary to munmap an area before remapping it with MAP_FIXED;
if the memory region specified by addr and len overlaps pages of any
existing mapping, then the overlapped part of the existing mapping will
be discarded.
On the other hand, if QEMU does munmap the pages, there is a small
probability that another mmap sneaks in and catches the just-freed
portion of the address space. In effect, munmap followed by
mmap(MAP_FIXED) is a use-after-free error, and Coverity flags it
as such. Fix it.
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 23 Mar 2015 17:05:28 +0000 (18:05 +0100)]
powerpc: fix -machine usb=no for newworld and pseries machines
Capture the explicit setting of "usb=no" into a separate bool, and
use it to skip the update of machine->usb in the board init function.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Wed, 18 Mar 2015 12:30:44 +0000 (13:30 +0100)]
PPC: pseries: Implement boot once=foo
On sPAPR we haven't supported boot once ever since it emerged, but
recently grew need for it. This patch implements boot once logic
to it.
While at it, we also move to the new bootdevice handling that got
introduced to the tree recently.
Reported-by: Dinar Valeev <dvaleev@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Wed, 18 Mar 2015 03:11:21 +0000 (14:11 +1100)]
target-ppc: Remove POWER5+ v0.0 that never existed
IBM uses low 16bits to specify the chip version of a POWER CPU.
So there has never been an actual silicon with PVR = 0x003B0000.
The first silicon would have PVR 0x003B0100 but it is very unlikely
to find it in any machine shipped to any customer as it was too raw.
This removes CPU_POWERPC_POWER5P_v00 definition and changes
POWER5+ and POWERgs aliases (which are synonyms) to point to
POWER5+_v2.1 which can still be found in real machines.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[agraf: fix commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
Stefan Weil [Sat, 14 Mar 2015 15:29:09 +0000 (16:29 +0100)]
spapr: Add missing checks for NULL pointers and report failures
This fixes potential runtime crashes and two warnings from Coverity.
The new error message does not add a prefix "qemu:" because that is
already done in function hw_error. It also starts with an uppercase
letter because that seems to be the mostly used form.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: fix typo]
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Fri, 13 Mar 2015 11:45:13 +0000 (22:45 +1100)]
pseries: Update SLOF firmware image to qemu-slof-
20150313
The changelog is:
> virtio: Fix vring allocation
> helpers: Fix SLOF_alloc_mem_aligned to meet callers expectation
> Set default palette according to "16-color Text Extension" document
> Fix rectangle drawing functions to work also with higher bit depths
> Fix the x86emu patch file
> Silence compiler warning when building the biosemu
> Use device-type Forth word to set up the corresponding property
> Improve /openprom node
> pci-properties: Remove redundant call to device-type
> cas: reconfigure memory nodes
> pci: use 64bit bar ranges
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Dirk Müller [Tue, 24 Mar 2015 21:30:13 +0000 (22:30 +0100)]
sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH7o8uA59Ep0n41i0M19VFWa73n9m172j2W3fjz6=PSVBA@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Dirk Müller [Tue, 24 Mar 2015 21:28:15 +0000 (22:28 +0100)]
mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH4-=HJUvwBu+2o6jGanJesJOyNf3sL8-5+d_-6C3cWBfA@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Dirk Müller [Tue, 24 Mar 2015 22:11:03 +0000 (23:11 +0100)]
m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH6X-GsT1AA8kEtP_e7oZWGZgi=fCcDfSs3wLgJN30DbUw@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jason Wang [Fri, 20 Mar 2015 06:07:50 +0000 (14:07 +0800)]
virtio-net: validate backend queue numbers against bus limitation
We don't validate the backend queue numbers against bus limitation,
this will easily crash qemu if it exceeds the limitation which will
hit the abort() in virtio_del_queue(). An example is trying to
starting a virtio-net device with 256 queues. E.g:
./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device
virtio-net-pci,netdev=hn0
Fixing this by doing the validation and fail early.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Michael S. Tsirkin [Wed, 25 Mar 2015 11:33:55 +0000 (12:33 +0100)]
virtio-serial: fix virtio config size
commit
9b70c1790acacae54d559d38ca69186a85040bb8
virtio-serial: switch to standard-headers
changes virtio_console_config size from 8 to 12 bytes:
it adds an optional 4 byte emerg_wr field.
As this crosses a power of two boundary, this changes the PCI BAR size,
which breaks migration compatibility with old qemu machine types.
It's probably a problem for other transports as well.
As a temporary fix, as we don't yet support this new field anyway,
simply make the config size smaller at init time.
Long terms we probably want something along the lines
of virtio_net_set_config_size.
Reported-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
Stefan Weil [Fri, 20 Mar 2015 17:11:58 +0000 (18:11 +0100)]
acpi: Add missing GCC_FMT_ATTR to local function
This fixes these gcc warnings (not enabled in default build):
hw/acpi/aml-build.c:83:5: warning:
function might be possible candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
hw/acpi/aml-build.c:88:5: warning:
function might be possible candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Markus Armbruster [Wed, 25 Mar 2015 08:18:48 +0000 (09:18 +0100)]
nbd: Fix up comment after commit
e140177
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <
1427271528-11624-1-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 23 Mar 2015 16:28:13 +0000 (17:28 +0100)]
vmw_pvscsi: use PCI DMA APIs
It is wrong to use address_space_memory directly, because there could be an
IOMMU in the middle. Passing the entire PVSCSIRingInfo to RS_GET_FIELD
and RS_SET_FIELD makes it easy to go back to the PVSCSIState.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 23 Mar 2015 16:15:17 +0000 (17:15 +0100)]
megasas: use PCI DMA APIs
It is wrong to use address_space_memory directly, because there could be an
IOMMU in the middle.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Crosthwaite [Mon, 23 Mar 2015 10:48:09 +0000 (03:48 -0700)]
cpus: Don't kick un-realized cpus.
following
a464982499b2f637f6699e3d03e0a9d2e0b5288b, it's now possible for
there to be attempts to take the BQL before CPUs have been realized in
cases where a machine model inits peripherals before the first CPU.
BQL lock aquisition kicks the first_cpu, leading to a segfault if this
happens pre-realize. Guard the CPU kick routine to perform no action for
a CPU that doesn't exist or doesn't have a thread yet.
There was a fix to this with commit
6b49809c597331803ea941eadda813e5bb4e8fe2, but the check there misses
the case where the CPU has been inited and not realized. Strengthen the
check to make sure that the first_cpu has a thread (i.e. it is
realized) before allowing the kick.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <
1427107689-6946-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Gibson [Mon, 23 Mar 2015 01:51:48 +0000 (12:51 +1100)]
i6300esb: Fix signed integer overflow
If the guest programs a sufficiently large timeout value an integer
overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
possible timer preload value of 0xfffff is programmed then we end up with
the calculation:
timeout = get_ticks_per_sec() * (0xfffff << 15) /
33000000;
get_ticks_per_sec() returns
1000000000 (10^9) giving:
10^9 * (0xfffff * 2^15) == 0x1dcd632329b000000 (65 bits)
Obviously the division by 33MHz brings it back under 64-bits, but the
overflow has already occurred.
Since signed integer overflow has undefined behaviour in C, in theory this
could be arbitrarily bad. In practice, the overflowed value wraps around
to something negative, causing the watchdog to immediately expire, killing
the guest, which is still fairly bad.
The bug can be triggered by running a Linux guest, loading the i6300esb
driver with parameter "heartbeat=2046" and opening /dev/watchdog. The
watchdog will trigger as soon as the device is opened.
This patch corrects the problem by using muldiv64(), which effectively
allows a 128-bit intermediate value between the multiplication and
division.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <
1427075508-12099-3-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Gibson [Mon, 23 Mar 2015 01:51:47 +0000 (12:51 +1100)]
i6300esb: Correct endiannness
The IO operations for the i6300esb watchdog timer are marked as
DEVICE_NATIVE_ENDIAN. This is not correct, and - as a PCI device - should
be DEVICE_LITTLE_ENDIAN.
This allows i6300esb to work on ppc targets (yes, using an Intel ICH
derived device on ppc is a bit odd, but the driver exists on the guest
and there's no more obviously suitable watchdog device).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <
1427075508-12099-2-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gabriel L. Somlo [Thu, 19 Mar 2015 18:20:44 +0000 (14:20 -0400)]
fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
The fw_cfg documentation says this of the revision key (0x0001, FW_CFG_ID):
> A 32-bit little-endian unsigned int, this item is used as an interface
> revision number, and is currently set to 1 by all QEMU architectures
> which expose a fw_cfg device.
arm/virt doesn't. It could be argued that that's an error in
"hw/arm/virt.c"; on the other hand, all of the other fw_cfg providing
boards set the interface version to 1 manually, despite the device
coming from the same, shared implementation. Therefore, instead of
adding
fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
to arm/virt, consolidate all such existing calls in the fw_cfg
initialization code.
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Message-Id: <
1426789244-26318-1-git-send-email-somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Sat, 21 Mar 2015 15:32:05 +0000 (16:32 +0100)]
rcu tests: fix compilation on 32-bit ppc
32-bit PPC cannot do atomic operations on long long. Inside the loops,
we are already using local counters that are summed at the end of
the run---with some exceptions (rcu_stress_count for rcutorture,
n_nodes for test-rcu-list): fix them to use the same technique.
For test-rcu-list, remove the mostly unused member "val" from the
list. Then, use a mutex to protect the global counts.
Performance does not matter there because every thread will only enter
the critical section once.
Remaining uses of atomic instructions are for ints or pointers.
Reported-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eduardo Otubo [Tue, 17 Mar 2015 11:03:30 +0000 (12:03 +0100)]
seccomp: update libseccomp version and remove arch restriction
Libseccomp version updated to 2.2.0 and arch restriction to x86/x86_64
is now removed. It's supposed to work on armv7l as well.
Related bug: https://bugs.launchpad.net/qemu/+bug/
1363641
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Peter Maydell [Tue, 24 Mar 2015 16:34:16 +0000 (16:34 +0000)]
Update version for v2.3.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 24 Mar 2015 09:52:19 +0000 (09:52 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-
20150324' into staging
TriCore bugfixes for 2.3-rc1
# gpg: Signature made Tue Mar 24 08:48:33 2015 GMT using RSA key ID
6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-
20150324:
target-tricore: properly fix dvinit_b/h_13
target-tricore: fix RRPW_DEXTR using wrong reg
target-tricore: fix DVINIT_HU/BU calculating overflow before result
target-tricore: Fix two helper functions (clang warnings)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bastian Koppelmann [Mon, 23 Mar 2015 17:24:42 +0000 (18:24 +0100)]
target-tricore: properly fix dvinit_b/h_13
The TriCore documentation was wrong on how to calculate ovf bits for those two
instructions, which I confirmed with real hardware (TC1796 chip). An ovf
actually happens, if the result (without remainder) does not fit into 8/16 bits.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Bastian Koppelmann [Tue, 10 Feb 2015 18:12:31 +0000 (18:12 +0000)]
target-tricore: fix RRPW_DEXTR using wrong reg
RRPW_DEXTR used r1 for the low part and r2 for the high part. It should be the
other way round. This also fixes that the result of the first shift was not
saved in a temp and could overwrite registers that were needed for the second
shift.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Bastian Koppelmann [Thu, 19 Mar 2015 15:36:14 +0000 (15:36 +0000)]
target-tricore: fix DVINIT_HU/BU calculating overflow before result
dvinit_hu/bu for ISA v1.3 calculate the higher part of the result, that is needed
for the overflow bits, after calculating the overflow bits.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Stefan Weil [Sat, 7 Mar 2015 14:43:32 +0000 (15:43 +0100)]
target-tricore: Fix two helper functions (clang warnings)
clang report:
target-tricore/op_helper.c:1247:24: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
target-tricore/op_helper.c:1248:25: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
target-tricore/op_helper.c:1249:19: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
target-tricore/op_helper.c:1297:24: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
target-tricore/op_helper.c:1298:25: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
target-tricore/op_helper.c:1299:19: warning:
taking the absolute value of unsigned type 'uint32_t' (aka 'unsigned int')
has no effect [-Wabsolute-value]
Fix also the divisor which was taken from the wrong register
(thanks to Peter Maydell for this hint).
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <
1425739412-8144-1-git-send-email-sw@weilnetz.de>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Peter Maydell [Mon, 23 Mar 2015 17:02:12 +0000 (17:02 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
# gpg: Signature made Mon Mar 23 16:51:45 2015 GMT using RSA key ID
AAFC390E
# gpg: Can't check signature: public key not found
* remotes/jnsnow/tags/ide-pull-request:
ahci-test: improve rw buffer patterns
ahci: Fix sglist offset manipulation for BE machines
ide: fix cmd_read_pio when nsectors > 1
ide: fix cmd_write_pio when nsectors > 1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
John Snow [Fri, 20 Mar 2015 00:24:16 +0000 (20:24 -0400)]
ahci-test: improve rw buffer patterns
My pattern was cyclical every 256 bytes, so it missed a fairly obvious
failure case. Add some rand() pepper into the test pattern, and for large
patterns that exceed 256 sectors, start writing an ID per-sector so that
we never generate identical sector patterns.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1426811056-2202-5-git-send-email-jsnow@redhat.com
John Snow [Fri, 20 Mar 2015 00:24:15 +0000 (20:24 -0400)]
ahci: Fix sglist offset manipulation for BE machines
This does not bother DMA, because DMA generally transfers
the entire SGList in one shot if it can.
PIO, on the other hand, tries to transfer just one sector
at a time, and will make multiple visits to the sglist
to fetch memory addresses.
Fix the memory address calculaton when we have an offset
by moving the offset addition OUTSIDE of the le64_to_cpu
calculation.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1426811056-2202-4-git-send-email-jsnow@redhat.com
John Snow [Fri, 20 Mar 2015 00:24:14 +0000 (20:24 -0400)]
ide: fix cmd_read_pio when nsectors > 1
Similar to the cmd_write_pio fix, update the nsector count and
ide sector before we invoke ide_transfer_start.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1426811056-2202-3-git-send-email-jsnow@redhat.com
John Snow [Fri, 20 Mar 2015 00:24:13 +0000 (20:24 -0400)]
ide: fix cmd_write_pio when nsectors > 1
We need to adjust the sector being written to
prior to calling ide_transfer_start, otherwise
we'll write to the same sector again.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1426811056-2202-2-git-send-email-jsnow@redhat.com
Peter Maydell [Mon, 23 Mar 2015 15:11:29 +0000 (15:11 +0000)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-
20150323' into staging
linux-user patches for 2.3-rc1
# gpg: Signature made Mon Mar 23 13:51:56 2015 GMT using RSA key ID
DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-
20150323:
linux-user: fix broken cpu_copy()
linux-user: fix emulation of splice syscall
linux-user/main.c: Remove redundant end_exclusive() in arm_kernel_cmpxchg64_helper()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Leon Alrae [Mon, 23 Mar 2015 12:55:52 +0000 (12:55 +0000)]
linux-user: fix broken cpu_copy()
New threads always point at the same env which is incorrect and usually
leads to a crash.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Andreas Schwab [Tue, 10 Mar 2015 16:11:35 +0000 (17:11 +0100)]
linux-user: fix emulation of splice syscall
The second and fourth argument are in/out parameters, store them back
after the syscall. Also, the fourth argument was mishandled, and EFAULT
handling was missing.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Chen Gang S [Sun, 25 Jan 2015 11:03:29 +0000 (19:03 +0800)]
linux-user/main.c: Remove redundant end_exclusive() in arm_kernel_cmpxchg64_helper()
start/end_exclusive() need be pairs, except the start_exclusive() in
stop_all_tasks() which is only used by force_sig(), which will be abort.
So at present, start_exclusive() in stop_all_task() need not be paired.
queue_signal() may call force_sig(), or return after kill pid (or queue
signal). If could return from queue_signal(), stop_all_task() would not
be called in time, the next end_exclusive() would be issue.
So in arm_kernel_cmpxchg64_helper() for ARM, need remove end_exclusive()
after queue_signal(). The related commit: "
97cc756 linux-user: Implement
new ARM 64 bit cmpxchg kernel helper".
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Peter Maydell [Fri, 20 Mar 2015 12:26:09 +0000 (12:26 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 queue 2015-03-19
# gpg: Signature made Thu Mar 19 19:40:17 2015 GMT using RSA key ID
984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Haswell-noTSX and Broadwell-noTSX
Revert "target-i386: Disable HLE and RTM on Haswell & Broadwell"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 20 Mar 2015 10:37:03 +0000 (10:37 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/work/numa-verify-cpus-pull-request' into staging
NUMA queue 2015-03-19
# gpg: Signature made Thu Mar 19 19:25:53 2015 GMT using RSA key ID
984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/work/numa-verify-cpus-pull-request:
numa: Print warning if no node is assigned to a CPU
pc: fix default VCPU to NUMA node mapping
numa: introduce machine callback for VCPU to node mapping
numa: Reject configuration if CPU appears on multiple nodes
numa: Reject CPU indexes > max_cpus
numa: Fix off-by-one error at MAX_CPUMASK_BITS check
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 20 Mar 2015 09:50:08 +0000 (09:50 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-
20150320-1' into staging
usb: bugfix collection.
# gpg: Signature made Fri Mar 20 07:51:19 2015 GMT using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-
20150320-1:
ehci: fix segfault when hot-unplugging ehci controller
ohci: fix resource cleanup leak
uhci: fix segfault when hot-unplugging uhci controller
hw/usb: Include USB files only if necessary
usb/dev-storage: Avoid qerror_report_err() outside QMP handlers
usb/dev-storage: Fix QMP device_add missing encryption key failure
monitor usb: Inline monitor_read_bdrv_key_start()'s first part
monitor: Plug memory leak in monitor_read_bdrv_key_start()
monitor: Drop dead QMP check from monitor_read_password()
uhci: Convert to realize
ohci: Complete conversion to realize
usb: Improve companion configuration error messages
usb: Propagate errors through usb_register_companion()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gonglei [Wed, 18 Mar 2015 09:33:47 +0000 (17:33 +0800)]
ehci: fix segfault when hot-unplugging ehci controller
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Cc: qemu-stable <qemu-stable@nongnu.org>
Reported-by: Lidonglin <lidonglin@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gonglei [Wed, 18 Mar 2015 09:33:48 +0000 (17:33 +0800)]
ohci: fix resource cleanup leak
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Ohci does't support hotplugging/hotunplugging yet, but
existing resource cleanup leak logic likes ehci/uhci.
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gonglei [Wed, 18 Mar 2015 09:33:46 +0000 (17:33 +0800)]
uhci: fix segfault when hot-unplugging uhci controller
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Cc: qemu-stable <qemu-stable@nongnu.org>
Reported-by: Lidonglin <lidonglin@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Eduardo Habkost [Fri, 13 Mar 2015 18:58:09 +0000 (15:58 -0300)]
target-i386: Haswell-noTSX and Broadwell-noTSX
With the Intel microcode update that removed HLE and RTM, there will be
different kinds of Haswell and Broadwell CPUs out there: some that still
have the HLE and RTM features, and some that don't have the HLE and RTM
features. On both cases people may be willing to use the pc-*-2.3
machine-types.
So, to cover both cases, introduce Haswell-noTSX and Broadwell-noTSX CPU
models, for hosts that have Haswell and Broadwell CPUs without TSX support.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Eduardo Habkost [Fri, 13 Mar 2015 18:39:43 +0000 (15:39 -0300)]
Revert "target-i386: Disable HLE and RTM on Haswell & Broadwell"
This reverts commit
13704e4c455770d500d6b87b117e32f0d01252c9.
With the Intel microcode update that removed HLE and RTM, there will be
different kinds of Haswell and Broadwell CPUs out there: some that still
have the HLE and RTM features, and some that don't have the HLE and RTM
features. On both cases people may be willing to use the pc-*-2.3
machine-types.
So instead of making the CPU model results confusing by making it depend
on the machine-type, keep HLE and RTM on the existing Haswell and
Broadwell CPU models. The plan is to introduce "Haswell-noTSX" and
"Broadwell-noTSX" CPU models later, for people who have CPUs that don't
have TSX feature available.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Eduardo Habkost [Mon, 9 Feb 2015 19:35:04 +0000 (17:35 -0200)]
numa: Print warning if no node is assigned to a CPU
We need all possible CPUs (including hotplug ones) to be present in the
SRAT when QEMU starts. QEMU already does that correctly today, the only
problem is that when a CPU is omitted from the NUMA configuration, it is
silently assigned to node 0.
Check if all CPUs up to max_cpus are present in the NUMA configuration
and warn about missing CPUs.
Make it just a warning, to allow management software to be updated if
necessary. In the future we may make it a fatal error instead.
Command-line examples:
* Correct, no warning:
$ qemu-system-x86_64 -smp 2,maxcpus=4
$ qemu-system-x86_64 -smp 2,maxcpus=4 -numa node,cpus=0-3
* Incomplete, with warnings:
$ qemu-system-x86_64 -smp 2,maxcpus=4 -numa node,cpus=0
qemu-system-x86_64: warning: CPU(s) not present in any NUMA nodes: 1 2 3
qemu-system-x86_64: warning: All CPU(s) up to maxcpus should be described in NUMA config
$ qemu-system-x86_64 -smp 2,maxcpus=4 -numa node,cpus=0-2
qemu-system-x86_64: warning: CPU(s) not present in any NUMA nodes: 3
qemu-system-x86_64: warning: All CPU(s) up to maxcpus should be described in NUMA config
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
v1 -> v2: (no changes)
v2 -> v3:
* Use enumerate_cpus() and error_report() for error message
* Simplify logic using bitmap_full()
v3 -> v4:
* Clarify error message, mention that all CPUs up to
maxcpus need to be described in NUMA config
v4 -> v5:
* Commit log update, to make problem description clearer
Igor Mammedov [Thu, 19 Mar 2015 17:09:22 +0000 (17:09 +0000)]
pc: fix default VCPU to NUMA node mapping
Since commit
dd0247e0 pc: acpi: mark all possible CPUs as enabled in SRAT
Linux kernel actually tries to use CPU to Node mapping from
QEMU provided SRAT table instead of discarding it, and that
in some cases breaks build_sched_domains() which expects
sane mapping where cores/threads belonging to the same socket
are on the same NUMA node.
With current default round-robin mapping of VCPUs to nodes
guest ends-up with cores/threads belonging to the same socket
being on different NUMA nodes.
For example with following CLI:
qemu-system-x86_64 -m 4G \
-cpu Opteron_G3,vendor=AuthenticAMD \
-smp 5,sockets=1,cores=4,threads=1,maxcpus=8 \
-numa node,nodeid=0 -numa node,nodeid=1
2.6.32 based kernels will hang on boot due to incorrectly built
sched_group-s list in update_sd_lb_stats()
Replacing default mapping with a manual, where VCPUs belonging to
the same socket are on the same NUMA node, fixes the issue for
guests which can't handle nonsense topology i.e. changing CLI to:
-numa node,nodeid=0,cpus=0-3 -numa node,nodeid=1,cpus=4-7
So instead of simply scattering VCPUs around nodes, provide
callback to map the same socket VCPUs to the same NUMA node,
which is what guests would expect from a sane hardware/BIOS.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Igor Mammedov [Thu, 19 Mar 2015 17:09:21 +0000 (17:09 +0000)]
numa: introduce machine callback for VCPU to node mapping
Current default round-robin way of distributing VCPUs among
NUMA nodes might be wrong in case on multi-core/threads
CPUs. Making guests confused wrt topology where cores from
the same socket are on different nodes.
Allow a machine to override default mapping by providing
MachineClass::cpu_index_to_socket_id()
callback which would allow it group VCPUs from a socket
on the same NUMA node.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Eduardo Habkost [Mon, 9 Feb 2015 19:32:04 +0000 (17:32 -0200)]
numa: Reject configuration if CPU appears on multiple nodes
Each CPU can appear in only one NUMA node on the NUMA config. Reject
configuration if a CPU appears in multiple nodes.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Eduardo Habkost [Mon, 9 Feb 2015 19:28:52 +0000 (17:28 -0200)]
numa: Reject CPU indexes > max_cpus
CPU index is always less than max_cpus, as documented at sysemu.h:
> The following shall be true for all CPUs:
> cpu->cpu_index < max_cpus <= MAX_CPUMASK_BITS
Reject configuration which uses invalid CPU indexes.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Eduardo Habkost [Thu, 12 Feb 2015 17:23:48 +0000 (15:23 -0200)]
numa: Fix off-by-one error at MAX_CPUMASK_BITS check
Fix the CPU index check to ensure we don't go beyond the size of the
node_cpu bitmap.
CPU index is always less than MAX_CPUMASK_BITS, as documented at
sysemu.h:
> The following shall be true for all CPUs:
> cpu->cpu_index < max_cpus <= MAX_CPUMASK_BITS
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Peter Maydell [Thu, 19 Mar 2015 17:47:08 +0000 (17:47 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.3.0-rc1
# gpg: Signature made Thu Mar 19 15:03:26 2015 GMT using RSA key ID
C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
block: Fix blockdev-backup not to use funky error class
raw-posix: Deprecate aio=threads fallback without O_DIRECT
raw-posix: Deprecate host floppy passthrough
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 19 Mar 2015 16:46:32 +0000 (16:46 +0000)]
Merge remote-tracking branch 'remotes/amit/tags/vser-for-2.3-3' into staging
virtio-serial api: guest_writable callback for users
# gpg: Signature made Thu Mar 19 12:06:55 2015 GMT using RSA key ID
854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg: aka "Amit Shah <amit@kernel.org>"
# gpg: aka "Amit Shah <amitshah@gmx.net>"
* remotes/amit/tags/vser-for-2.3-3:
virtio: serial: expose a 'guest_writable' callback for users
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Tue, 17 Mar 2015 07:36:14 +0000 (08:36 +0100)]
block: Fix blockdev-backup not to use funky error class
Error classes are a leftover from the days of "rich" error objects.
New code should always use ERROR_CLASS_GENERIC_ERROR. Commit
b7b9d39..
7c6a4ab added uses of ERROR_CLASS_DEVICE_NOT_FOUND. Replace
them.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Thu, 19 Mar 2015 14:10:20 +0000 (14:10 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-03-19' into staging
trivial patches for 2015-03-19
# gpg: Signature made Thu Mar 19 08:57:54 2015 GMT using RSA key ID
A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2015-03-19: (24 commits)
qga/commands-posix: Fix resource leak
elf-loader: Add missing error handling for call of lseek
elf-loader: Fix truncation warning from coverity
hmp: Fix texinfo documentation
Fix typos in comments
qtest/ahci: Fix a bit mask expression
vl: fix resource leak with monitor_fdset_add_fd
smbios: add max speed comdline option for type-17 (meory device) structure
pc-dimm: Add description for device list.
configure: enable kvm on x32
error: Replace error_report() & error_free() with error_report_err()
arm: fix memory leak
qmp: Drop unused .user_print from command definitions
hmp: Fix definition of command quit
target-moxie: Fix warnings from Sparse (one-bit signed bitfield)
block/qapi: Fix Sparse warning
Fix remaining warnings from Sparse (void return)
qom: Fix warning from Sparse
target-mips: Fix warning from Sparse
arm/nseries: Fix warnings from Sparse
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 19 Mar 2015 13:04:07 +0000 (13:04 +0000)]
Merge remote-tracking branch 'remotes/lalrae/tags/mips-
20150318' into staging
MIPS patches 2015-03-18
Changes:
* bug fixes
# gpg: Signature made Wed Mar 18 10:06:00 2015 GMT using RSA key ID
0B29DA6B
# gpg: Can't check signature: public key not found
* remotes/lalrae/tags/mips-
20150318:
target-mips: save cpu state before calling MSA load and store helpers
target-mips: fix hflags modified in delay / forbidden slot
target-mips: fix CP0.BadVAddr by stopping translation on Address Error
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / sdk / emulator / qemu.git / log